Http 403 error while getting vault repo metadata for 9.3 version


I need to get packages from the 9.3 vault repository but unfortunately this does not because I get a 403 permission denied error when trying to get the metadata:

curl -v
*   Trying
* Connected to ( port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.1
> GET /vault/rocky/9.3/BaseOS/x86_64/os/repodata/repomd.xml HTTP/1.1
> Host:
> User-Agent: curl/8.4.0
> Accept: */*
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 403 Forbidden
< Connection: keep-alive
< Content-Length: 146
< Content-Type: text/html
< Server: nginx
< Accept-Ranges: bytes
< Date: Mon, 01 Apr 2024 22:11:37 GMT
< Via: 1.1 varnish
< X-Served-By: cache-yyz4524-YYZ
< X-Cache: MISS
< X-Cache-Hits: 0
< X-Timer: S1712009498.520872,VS0,VE39
<head><title>403 Forbidden</title></head>
<center><h1>403 Forbidden</h1></center>
* Connection #0 to host left intact

All architectures have the same issue, not only x86_64

I checked the 9.2 version and this one works. So I guess it’s an issue in the repo build process somehow.

Is there another mirror that I can use for the vault repo? or can you fix the permissions?
I can probably figure out a way to scrap the website to rebuild a repo on my side but that will be far from efficient.

Let me know if that’s not the correct place to report this kind of issue.

Thank for your help


We keep the repodata locked on purpose to prevent mirror manager from picking it up during the scanning process.

It would help to know what exactly you need from the vault. If all you need is a couple of packages, it may just be easier to download and provide them yourself locally.


I basically need some older kernel packages (including -devel ones) because of some third-party tools requirements.
And since you are only keeping the latest kernel version in the main repo I need to get them from the vault one.
Having access to the metadata would have been way more easier to sync up those.
I don’t know beforehand which exact version I need, the tools usually need 1 or 2 version back,
Not ideal, but I guess my only option will be to scrap the website to find all the versions and push them in a local repo.

But just curious of the reasons behind only keeping the latest kernel version in the main repo and preventing the mirroring of the vault repos

In any case, thanks for the quick answer, it’s appreciated.